Refactor packet filtering in analyze_pcap to improve timestamp handling and client retrieval
This commit is contained in:
parent
e0d8a3b707
commit
163281cc28
2 changed files with 29 additions and 17 deletions
38
enrich.py
38
enrich.py
|
@ -149,32 +149,44 @@ def get_clients_on_channel(capture, ap_channel, ap_bssid):
|
||||||
return len(clients)
|
return len(clients)
|
||||||
|
|
||||||
def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
|
def analyze_pcap(pcapng_path, start_ts, end_ts, ap_bssid, ap_channel):
|
||||||
|
|
||||||
cap = pyshark.FileCapture(
|
cap = pyshark.FileCapture(
|
||||||
pcapng_path,
|
pcapng_path,
|
||||||
display_filter=f'frame.time_epoch >= {start_ts} && frame.time_epoch <= {end_ts}',
|
|
||||||
use_json=True,
|
use_json=True,
|
||||||
include_raw=False
|
include_raw=False
|
||||||
)
|
)
|
||||||
|
|
||||||
# Get clients on the specified AP
|
ap_channel = int(ap_channel)
|
||||||
clients_on_ap = get_clients_on_ap(cap, ap_bssid.lower())
|
|
||||||
|
|
||||||
# Get clients on the specified channel
|
clients_on_ap = 0
|
||||||
|
clients_on_channel = 0
|
||||||
|
|
||||||
clients_on_channel = get_clients_on_channel(cap, ap_channel, ap_bssid.lower())
|
try:
|
||||||
|
# Filter packets manually by timestamp
|
||||||
|
filtered_packets = []
|
||||||
|
for packet in cap:
|
||||||
|
try:
|
||||||
|
frame_time = float(packet.frame_info.time_epoch)
|
||||||
|
if start_ts <= frame_time <= end_ts:
|
||||||
|
filtered_packets.append(packet)
|
||||||
|
except Exception:
|
||||||
|
continue
|
||||||
|
|
||||||
# Placeholder: Logic will be added for:
|
clients_on_ap = get_clients_on_ap(filtered_packets, ap_bssid)
|
||||||
# - APsOnChannel
|
clients_on_channel = get_clients_on_channel(filtered_packets, ap_channel, ap_bssid)
|
||||||
# - CongestionScore
|
|
||||||
# - AvgAPSignal
|
|
||||||
# - StrongestAPSignal
|
|
||||||
# - UnlinkedDevices
|
|
||||||
|
|
||||||
cap.close()
|
# Placeholder: Logic will be added for:
|
||||||
|
# - APsOnChannel
|
||||||
|
# - CongestionScore
|
||||||
|
# - AvgAPSignal
|
||||||
|
# - StrongestAPSignal
|
||||||
|
# - UnlinkedDevices
|
||||||
|
|
||||||
|
finally:
|
||||||
|
cap.close()
|
||||||
|
|
||||||
return clients_on_ap, clients_on_channel, 0, None, None, None, 0
|
return clients_on_ap, clients_on_channel, 0, None, None, None, 0
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
args = parse_args()
|
args = parse_args()
|
||||||
cap = pyshark.FileCapture(
|
cap = pyshark.FileCapture(
|
||||||
|
|
|
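Review bot: The `.lower()` normalisation of `ap_bssid` that the removed helper calls applied is missing from the two new calls after the filter loop, so a mixed-case BSSID from the caller is now compared in whatever case the helpers use and could silently count zero clients; keep `clients_on_ap = get_clients_on_ap(filtered_packets, ap_bssid.lower())` and the matching `ap_bssid.lower()` on the channel call unless the helpers are known to normalise on their side (both are defined outside the hunk, so that could not be checked). The `except Exception: continue` inside the loop also masks a type mismatch: if `start_ts`/`end_ts` arrive as strings, `start_ts <= frame_time <= end_ts` raises TypeError on every packet and the function degrades to zero counts with no error, so coerce once before the loop, `start_ts, end_ts = float(start_ts), float(end_ts)`, and narrow the handler to `except (AttributeError, ValueError): continue`. Dropping the f-string `display_filter` removes caller-supplied timestamps from the tshark filter expression, which is a good change, but the manual filter now retains every in-window pyshark packet object in `filtered_packets`, so peak memory grows with capture size; a comment such as `# Holds full packet objects: memory scales with the number of in-window frames` would record the trade-off for the next reader.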
@ -109,6 +109,10 @@ while [ "$COUNTER" -lt "$NUM_TESTS" ]; do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
echo "Stopping kismet..."
|
||||||
|
|
||||||
|
sudo systemctl stop kismet
|
||||||
|
|
||||||
# Let's enrich the data with passive metrics.
|
# Let's enrich the data with passive metrics.
|
||||||
|
|
||||||
echo "Enriching the data..."
|
echo "Enriching the data..."
|
||||||
|
@ -120,10 +124,6 @@ if [ -z "$KISMET_LOG" ] || [ ! -f "$KISMET_LOG" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Stopping kismet..."
|
|
||||||
|
|
||||||
sudo systemctl stop kismet
|
|
||||||
|
|
||||||
python3 $SCRIPT_DIRECTORY/enrich.py --csv $TEST_FILE --pcapng "$KISMET_LOG" --output "$ENRICHED_FILE"
|
python3 $SCRIPT_DIRECTORY/enrich.py --csv $TEST_FILE --pcapng "$KISMET_LOG" --output "$ENRICHED_FILE"
|
||||||
|
|
||||||
# Final email with attachment
|
# Final email with attachment
|
||||||
|
|
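Review bot: The relocated `sudo systemctl stop kismet` runs before the capture is read but its result is never checked, so if the stop fails the enrichment step below reads a pcapng that kismet may still be writing; `sudo systemctl stop kismet || echo "warning: failed to stop kismet" >&2` would at least make that visible in the log. Whether the script runs with `set -e` is not visible in these hunks, so it is unclear if a failed stop would abort the run or be ignored.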